Obtaining user access_tokens without login

Hi, I am trying to test accessing the /userinfo endpoint and am wondering if I can obtain an access token using the Auth0 Management API->Test with Client ID/secret and user_id/email, without having to go through the login process. I would then send the access token to /userinfo to get user information (e.g. email). Normally, the users would log in through the app (SPA), but this is for testing purposes. Thx

Hi @trackers153,

We don’t support user impersonation due to a variety of security concerns. We would recommend creating test users for this type of application.

The issue isn’t with creating test users, the issue is with obtaining an access token for that test user. Can you recommend a command line method where I can supply the test user’s credentials (login/password) and get back a Bearer token to test with?

The resource owner password grant will act like you are describing. You can activate it for your command line app temporarily, then disable it when testing is complete.

This worked, thank you Dan. To confirm, the setting which enables this workflow is Grant Types: Password which allows the application (CLI/cURL in this case) to obtain and submit a password itself, as opposed to redirecting the end user to an Auth0 server and the end user entering the password there?


@trackers153,

The description you just gave sounds correct to me. Here is the API documentation if you want to see more about it:

https://auth0.com/docs/api/authentication#resource-owner-password

If you haven’t already, read the warnings about using this flow. It has some added risks that you should understand and address. This info is available in the original doc I linked and the related docs.
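The command-line flow discussed in this thread, as an added example (not code from the original posts or from Auth0): it builds the `grant_type=password` request for `/oauth/token` and the Bearer call to `/userinfo`. The environment variable names and the function names are assumptions; the secret and the test user's password are read from the environment so they stay out of shell history and process listings.

```python
import json
import os
import urllib.parse
import urllib.request


def build_token_request(domain, client_id, client_secret, username, password,
                        scope="openid profile email"):
    """Resource owner password grant: POST /oauth/token, grant_type=password."""
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,  # /userinfo needs a token issued with the openid scope
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return urllib.request.Request(
        f"https://{domain}/oauth/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def build_userinfo_request(domain, access_token):
    """GET /userinfo with the access token sent as a Bearer credential."""
    return urllib.request.Request(
        f"https://{domain}/userinfo",
        headers={"Authorization": f"Bearer {access_token}"},
    )


def extract_access_token(response_body):
    """Return access_token from the JSON reply, or raise with the OAuth error."""
    data = json.loads(response_body)
    if "access_token" not in data:
        raise ValueError(f"{data.get('error')}: {data.get('error_description')}")
    return data["access_token"]


def fetch_userinfo(env=os.environ):
    # Hypothetical variable names; point them at a dedicated test user only.
    domain = env["AUTH0_DOMAIN"]
    req = build_token_request(domain, env["AUTH0_CLIENT_ID"], env["AUTH0_CLIENT_SECRET"],
                              env["TEST_USER"], env["TEST_PASSWORD"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        token = extract_access_token(resp.read())
    with urllib.request.urlopen(build_userinfo_request(domain, token), timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    print(json.dumps(fetch_userinfo(), indent=2))
```

The token request only succeeds while the Password grant type is enabled on the application, so disabling it after testing, as suggested above, also makes this script stop working.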
